Digi Yatra Reshaping Paperless Travel through Biometrics

The Digi Yatra Foundation (DYF) operates as a not-for-profit entity, incorporated under section 8 and registered as per the Companies Act 2013. Its primary objective is to implement a digital ecosystem that enhances the efficiency of air travel in alignment with the Digi Yatra Policy issued by the Ministry of Civil Aviation.

Currently, DYF is actively engaged in developing the Digi Yatra Central Ecosystem, which aims to provide air travellers with a seamless and memorable digital experience. This ecosystem utilizes real-time selfie-based facial biometric validation for authentication purposes.

The core mission of DYF is to guarantee seamless and fortified journeys, fostering an unwavering sense of ease for passengers from embarkation to arrival. Moreover, Digi Yatra prioritizes sustainability, epitomized by DYF’s transition towards a completely paperless and automated authentication and verification process, thereby slashing environmental carbon emissions and propelling us towards a more ecologically responsible future.

In an enlightening dialogue with The Interview World, Siddharth Sharma, Head of IT Operations at Digi Yatra Foundation, underscored how the Digi Yatra Central Ecosystem is revolutionizing air travel across India. He accentuated the organization’s unwavering dedication to preserving data security and privacy through the adoption of cutting-edge technologies such as decentralized identity (DID), self-sovereign identity (SSI), and verified credentials, enabling authentication and verification procedures sans the storage or accumulation of any user data on centralized servers. Furthermore, Siddharth elaborated on plans to enrich the system by introducing novel features and expanding its utility. Herein lie the pivotal insights gleaned from his interview.

Q: Can you provide an overview of how the Digi Yatra Central Ecosystem (DYCE) is revolutionizing air travel in India, particularly in terms of enhancing passenger experience and operational efficiency?

A: Allow me to share an anecdote in response to this. During the early days of the rollout of Digi Yatra at airports, I came across an elderly individual, aged 60, who inquired, “Can you register me for the Digi Yatra app? I’ve heard about it, but I’m not sure what it’s all about.” Surprisingly, this was a demographic we least expected to engage with our digital airport journey service. Nevertheless, I swiftly guided him through the registration process.

Afterward, I explained to him that he could seamlessly pass through the entry gate and DigiYatra E-Gate by simply showing his face. Sceptical yet intrigued, he asked, “Is that possible? Will it work?” Assuring him, I replied, “Yes, just walk through.”

To his amazement, as he passed through the gate, he found the experience truly remarkable. This encounter embodies the vision and inspiration that initiated our journey with Digi Yatra. Behind the scenes, significant efforts are underway to simplify the travel process. Our goal is to ensure every journey with us is smooth and secure, instilling a sense of ease from check-in to boarding.

Q: How does the Digi Yatra Foundation ensure data security and privacy while managing the vast amount of passenger information collected within the DYCE platform?

A: Digi Yatra isn’t privy to your travel plans, nor is anyone else in the ecosystem. Our guiding principle is privacy by design. From the outset, we committed to seamless processes without compromising privacy. How do we achieve this? Blockchain technology working quietly in the background, alongside a public key infrastructure, enables us to maintain privacy.

To simplify, consider the familiar process of obtaining a certified document. You make a copy, get it stamped by a trusted authority, and submit it. This establishes a trust circle involving you, the authority, and the recipient. Digi Yatra operates similarly.

In this scenario, the trusted authority is the Digi Yatra Foundation. When utilizing the Digi Yatra app, the user undergoes authentication and retrieves data from DigiLocker or Aadhaar. Following the retrieval of your details, we rigorously verify your identity through a selfie match against the Aadhaar image. Once confirmed, this authenticated selfie, alongside the user’s essential information including name, gender, date of birth, and masked Aadhaar, forms a verified credential securely stored within the user’s Digi Yatra Wallet. Data retrieved from Aadhaar is promptly purged, ensuring nothing remains stored centrally on any server. This approach, known as DID (Decentralized Identity), staunchly upholds the principles of data minimization and privacy by design.

Upon creation, users possess the liberty to share this verified credential as frequently as desired within the trusted ecosystem. Entities integrated into the Digi Yatra platform as verifiers, such as airports, can readily acknowledge and validate this verified credential to grant access to services, like airport entry. Verifiers, before accepting data within their environment, meticulously verify its authenticity through the Digi Yatra Central Eco System. This exchange of information and validation is solely initiated by the user at the point of accessing services, for instance, essential data is shared by the traveller solely when obtaining a boarding pass, typically 48 hours before the journey.

You have control over when to share this data, even minutes before traveling. Airports automatically delete this data within 24 hours of your flight departure. Regular audits ensure compliance, including checks at airports to verify timely data deletion.

Concerning your boarding pass, airports have existing system integration with airlines to readily access this information for operational efficiency. Automated systems validate your travel details, ensuring a seamless journey experience.

Q: What’s your next plan after integrating your system at airports in India?

A: We tackled the challenge of sharing one’s ID in a privacy-preserving manner for one of the most secure environments, the airports. Our solution lies in this wallet, enabling secure sharing without divulging unnecessary details. The goal is to authenticate oneself without compromising privacy.

Consider hotels as an example. Currently, it’s common practice to hand over copies of IDs like Aadhaar cards upon check-in. Despite this, concerns about data breaches remain unaddressed.

Enter Digi Yatra – a solution that eliminates the need for physical document sharing. Instead, a simple confirmation suffices, akin to the green tick in UPI transactions. This streamlined process marks our path forward.

Although some may still request traditional ID proof alongside Digi Yatra, acceptance of the latter is growing. As we progress, more entities, including airports, are likely to adopt this approach.

Q: Looking ahead, what future developments or enhancements do you envision for the Digi Yatra ecosystem, and how do you plan to adapt to evolving technologies and passenger needs in the aviation industry?

A: Firstly, we never anticipated such a massive user base within just one year. Consequently, we found ourselves addressing the challenges of growth and scalability. Our various departments are diligently ensuring compliance with all protocols and standards. Much of our time currently is dedicated to fortifying the system, timely audits, and ensuring adherence to principles like privacy by design.

With the introduction of the Digital Personal Data Protection Act in 2023, we have enhanced our consent mechanisms. Regular users may have noticed that previously, consent was not obtained each time before sharing boarding pass data. Now, it’s mandatory, as boarding pass data changes with each use, obtaining consent each time becomes necessary. We’ve also refined the consent process for minors, a delicate area requiring careful handling.

We’ve introduced a mandatory policy stipulating that minors cannot create verifiable credentials without guardian consent. The guardian or parent must first create their verified credential before generating one for the minor. Subsequently, they can provide consent on behalf of the minor and create the minor’s verified credentials. This represents a crucial update we’ve implemented.

Moving on to the platform side, regarding growth, we have international expansion plans. Opening up to international passengers poses challenges involving visas, the Bureau of Immigration, and other regulatory entities. Data sharing will need careful management, adhering strictly to privacy by design principles. Our application’s core remains centred on not storing unnecessary data, focusing instead on identity verification where needed.

Hotel check-ins are a significant area of focus for us, along with building access control. Once validated, users can revisit these places without the need for data storage. Near Field Communication (NFC) facilitates real-time validation. When tapping your phone on an NFC device, validation occurs instantly, without directly sharing data with the validating entity. This is our plan, and we’re eagerly anticipating its implementation.